Problems with writing to sector trailer of Mifare Classic 1K card

Question

I work with mifare classic 1k card and I have a trouble. I want to rewrite access bits of the sector 0x23. Now sector trailer contain these bytes: 42 5a a8 b7 10 84 17 80 fe 0b c9 1e 70 e2 ef b0, where

Key A = 42 5a a8 b7 10 84

Key B = c9 1e 70 e2 ef b0

and

AccessBits = 17 80 fe 0b

I see that I need authenticate with key A if I want to write data in sector trailer. Ok, no problems, I know key A. After authentication, I build APDU for updating sector trailer:

FF D6 00 23 10 42 5A A8 B7 10 84 17 84 FA 0B C9 1E 70 E2 EF B0

And send it. But I have error with code 63 00. What am I doing wrong?

Answer 1

I am currently facing this problem as well, being a beginner exploring the mechanisms and concepts of RFID. Put simply, I think once a card has be written, sector 0 can no longer be edited, this is like burning a CD-R disk.

It is a pain as I wasted 3 cards in the process of trying to achieve what I desire. As a result, valuable knowledge has been gained.

If my understandings are correct, the trailer block configures the security of the value blocks, since the blocks residing in sector 0 contains important data such as unique identifier, protocol and standard, it can only be written once.

Answer 2

The access bits 17 80 FE decode to C1 = 0x8, C2 = 0xE and C3 = 0xF, so the access bits are:

• (C1 C2 C3)_3 = 1 1 1
• (C1 C2 C3)_2 = 0 1 1
• (C1 C2 C3)_1 = 0 1 1
• (C1 C2 C3)_0 = 0 0 1

Therefore, data block 0 permits read and decrement access with key A & B, data blocks 1 and 2 permit read and write access with key B. The secor trailer (block 3) is permanently write protected (only read access with key A & B to the access bits is permitted).

So you cannot update that secor's trailer block as it is permanently write protected.